The solution JISCMAIL uses is the following:

From: "VON KAEHNE, Peter (NHS .... )" < 0......0-dmarc-requ...@jiscmail.ac.uk>
Reply-To: Rural General Practitioners Association of Scotland < rg...@jiscmail.ac.uk>
To: rg...@jiscmail.ac.uk
Subject: Re: [RGPAS] ....

The From header is rewritten and a unique code for the email used. I am not sure if this new "address" has any function of any sort. A ReplyTo header is added with the list address.

I am receiving this list on NHS-net which is a major user of Microsoft's corporate email provider. The settings are paranoid and have always been. I received many DMARC related warnings on that list while MS and the NHS slowly tightened the rules until JISCMAIL was amending its processing of mailing lists.

Peter

On Mon, 2019-03-04 at 11:21 +0100, Zdenek Wagner wrote:
> Hi,
>
> I am afraid that the subject prefix is just one of several reasons. I
> have just examined the recent reply by Norbert Preining. Gmail
> reports:
> SPF: PASS, DKIM: FAIL, DMARC: FAIL.
>
> Further examination shows that the mail was sent from 91.121.174.77
> which is listed in SPF as a permitted sender for tug.org. DKIM is
> taken from the original sender, i.e. from logic.at. The authentication
> header says:
>
> Authentication-Results: mx.google.com;
>   dkim=fail header.i=@logic.at header.s=dkim header.b=nSpPkmsD;
>   spf=pass (google.com: domain of
>   tex-live-bounces+zdenek.wagner=gmail....@tug.org designates
>   91.121.174.77 as permitted sender)
>   smtp.mailfrom="tex-live-bounces+zdenek.wagner=gmail....@tug.org";
>   dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=logic.at
>
> The detailed description of the signature says:
>
> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=logic.at;
>   s=dkim; t=1551675717;
>   bh=btyCANRBRIWj8PY5MX1c7XBCEyZHPpgSm6TopL4NIjQ=;
>   h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
>   b=nSpPkmsDIdLW56sQ7c6w1PYZRv4qx58amqMrkT7KIkyFd1Uk+58yr9bMjE/E7YCHf
>   xlITlT1MoM5mG2pQDbdKshrzhCRF6UfymeZprptomBVtf6LBt2CuCkA+ijLG7+eEZ3
>   lEN5uexB1G72AqYiihhbTrpK2pyqh1y6j54EC+CI=
>
> "h" shows the list of the header fields that were signed by the
> logic.at sender. If any of them is changed by the listserv, the
> signature becomes invalid. The sender decides in the corresponding TXT
> record in the DNS what to do with such mails, it may be allowed to
> accept them but the receivers can have stricter policy and reject
> them.
>
> I do not know how to solve it. Probably the listserv should verify
> DMARC of a submitted message. If it decides to accept the mail and
> distribute it, the original signature should be removed, From should
> be modified so that DKIM is taken from tug.org and the headers should
> get a new signature.
>
> I am not an expert, it took me a long time to configure my sendmail to
> provide correct DMARC but this may be the way.
>
> Zdeněk Wagner
> http://ttsm.icpf.cas.cz/team/wagner.shtml
> http://icebearsoft.euweb.cz
>
> On Mon, 4 Mar 2019 at 7:02, Peter von Kaehne <ref...@gmx.net> wrote:
> > On Sun, 2019-03-03 at 16:05 -0700, Karl Berry wrote:
> > > Hi - I've removed the "[XeTeX]" prefix on Subject lines from this
> > > mailing list (xetex)'s messages. It is my hope that this will
> > > reduce the ever-increasing flood of dmarc failures
> > > (https://en.wikipedia.org/wiki/DMARC).
> >
> > Isn't the problem with DMARC around the FROM: header? I can not see
> > how altering the subject line is going to make a blind bit of
> > difference when the real problem is that the FROM header still
> > points at the author's domain.
> >
> > Peter
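
Added example, not part of the original messages: a small DMARC alignment check run over two constructed Authentication-Results values, one modelled on the header quoted in the thread and one showing the rewrite-and-re-sign approach discussed above. The local-part `bounces`, the host `mx.example`, the selector `list` and all function names are assumptions; alignment is simplified to "same domain or parent/child", whereas real DMARC compares organizational domains using the Public Suffix List.

```python
import re

# Constructed samples modelled on the Authentication-Results header quoted in
# the thread; the local-part "bounces" is a placeholder for the elided address.
ORIGINAL = ("mx.google.com; dkim=fail header.i=@logic.at header.s=dkim; "
            "spf=pass smtp.mailfrom=bounces@tug.org; "
            "dmarc=fail header.from=logic.at")
# Hypothetical result if the list rewrote From and re-signed as tug.org.
REWRITTEN = ("mx.example; dkim=pass header.i=@tug.org header.s=list; "
             "spf=pass smtp.mailfrom=bounces@tug.org; "
             "header.from=tug.org")

def result(header, method):
    """Return the verdict ('pass', 'fail', ...) recorded for spf or dkim."""
    m = re.search(rf"\b{method}=(\w+)", header)
    return m.group(1).lower() if m else "none"

def field(header, name):
    """Return the domain part of a property such as smtp.mailfrom or header.i."""
    m = re.search(rf'{re.escape(name)}="?(?:[^\s";@]*@)?([\w.-]+)', header)
    return m.group(1).lower() if m else None

def aligned(auth_domain, from_domain):
    """Simplified relaxed alignment: identical, or one is a subdomain of the other."""
    if not auth_domain or not from_domain:
        return False
    return (auth_domain == from_domain
            or auth_domain.endswith("." + from_domain)
            or from_domain.endswith("." + auth_domain))

def dmarc_verdict(header):
    """DMARC passes only if SPF or DKIM passes AND its domain aligns with From."""
    from_dom = field(header, "header.from")
    spf_ok = (result(header, "spf") == "pass"
              and aligned(field(header, "smtp.mailfrom"), from_dom))
    dkim_ok = (result(header, "dkim") == "pass"
               and aligned(field(header, "header.i"), from_dom))
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}

if __name__ == "__main__":
    for label, hdr in (("original", ORIGINAL), ("rewritten", REWRITTEN)):
        print(label, dmarc_verdict(hdr))
```

In the first sample SPF passes, but for tug.org rather than the From domain logic.at, so it does not count toward DMARC; the broken DKIM signature was the only identifier that could have aligned.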